Abstract
A host-system intrusion detection method based on host behavior parsing and behavior correlation analysis is proposed. It detects malicious software carrying embedded anomalous code with high efficiency and can be applied to intrusion detection systems based on network behavior. By parsing behaviors at a deeper level, a model of the correlation relationships between behaviors is built, which reduces the size of the stored anomalous-behavior samples while improving the flexibility and range of application of the method. Experimental results show that, compared with existing anomalous-behavior detection methods, the method needs a longer training time, but by adjusting the behavior granularity the training time can be kept within a reasonable range. The performance of the method improves gradually over time, and its missed-detection rate, false-alarm rate and update efficiency are all considerably better than those of existing systems.
A method for detecting intrusions through analysis of host behavior and behavior correlation is proposed. The method can efficiently detect malicious software that carries embedded anomalous code, and can be applied to behavior-based intrusion detection systems (IDS). By mining the characteristics of normal and anomalous host behaviors, a way to build a Markov model of the relationships between meta-behaviors and a method to detect intrusions based on it are given. With them, the feasibility and scalability of the proposed method are enhanced and the storage space is reduced. The experimental results show that the missed-detection rate, the false-alarm rate and the update efficiency of the method are better than those of existing methods, although it needs more time to train on the datasets.
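The Markov model of meta-behavior relationships that the abstract describes, as an added illustration that is not the paper's code: a first-order Markov chain is trained on constructed normal host traces, a trace containing transitions never seen in training is scored against a threshold calibrated on the normal traces, and a granularity parameter shows how merging raw events into coarser meta-behaviors shrinks the stored model, which is one way to read the abstract's claim that adjusting behavior granularity keeps training time bounded. The event names, the traces, the additive smoothing, the threshold policy and the meaning given to "granularity" are all assumptions of this example, not values or definitions taken from the paper.

```python
# Added illustration, not the paper's code: a first-order Markov chain over
# meta-behavior transitions, trained on normal host traces and used to flag
# traces with unseen or low-probability transitions. The event alphabet, the
# traces and the meaning of "granularity" below are assumptions for this
# example only.
from collections import defaultdict
from math import log
from typing import Dict, Iterable, List, Tuple

START = "<s>"  # virtual start state so the first event of a trace is scored too


def coarsen(raw: List[str], granularity: int) -> List[str]:
    """Merge `granularity` consecutive raw events into one meta-behavior token.

    Coarser tokens mean fewer states and transitions, hence a smaller model and
    a shorter training pass, at the price of coarser detection (assumed reading
    of the paper's "behavior granularity")."""
    if granularity < 1:
        raise ValueError("granularity must be >= 1")
    return ["+".join(raw[i:i + granularity]) for i in range(0, len(raw), granularity)]


class MarkovBehaviorModel:
    def __init__(self, granularity: int = 1, alpha: float = 0.01) -> None:
        self.granularity = granularity
        self.alpha = alpha  # additive smoothing: unseen transitions get a small nonzero probability
        self.counts: Dict[str, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
        self.states: set = set()

    def train(self, traces: Iterable[List[str]]) -> None:
        for raw in traces:
            seq = [START] + coarsen(raw, self.granularity)
            for a, b in zip(seq, seq[1:]):
                self.counts[a][b] += 1
                self.states.add(b)

    def num_transitions(self) -> int:
        """Distinct transitions stored: the sample size the model has to keep."""
        return sum(len(row) for row in self.counts.values())

    def transition_prob(self, a: str, b: str) -> float:
        # Smoothed over the states seen in training; tokens outside that set
        # (e.g. "exec" below) still get the same small smoothed mass.
        row = self.counts.get(a, {})
        total = sum(row.values())
        return (row.get(b, 0) + self.alpha) / (total + self.alpha * len(self.states))

    def score(self, raw: List[str]) -> Tuple[float, List[Tuple[str, str]]]:
        """Return (mean negative log-probability per transition, transitions never seen in training)."""
        seq = [START] + coarsen(raw, self.granularity)
        nll, unseen = 0.0, []
        for a, b in zip(seq, seq[1:]):
            nll -= log(self.transition_prob(a, b))
            if self.counts.get(a, {}).get(b, 0) == 0:
                unseen.append((a, b))
        return nll / max(1, len(seq) - 1), unseen

    def calibrate(self, traces: Iterable[List[str]]) -> float:
        """Threshold = worst score among the normal traces (a simple, assumed policy)."""
        return max(self.score(t)[0] for t in traces)

    def is_anomalous(self, raw: List[str], threshold: float) -> bool:
        s, unseen = self.score(raw)
        return s > threshold or bool(unseen)


# Constructed sample data: short traces of a hypothetical file/network service.
NORMAL_TRACES = [
    ["open", "read", "write", "close"],
    ["open", "read", "read", "write", "close"],
    ["socket", "connect", "send", "recv", "close"],
    ["open", "read", "close"],
    ["socket", "connect", "send", "recv", "recv", "close"],
]
# A read-then-exec-then-send trace whose middle transitions never occur in training.
SUSPECT_TRACE = ["open", "read", "exec", "socket", "connect", "send"]


def run_demo(granularity: int = 1) -> dict:
    """Train, calibrate and score at one granularity; returns the figures to compare."""
    model = MarkovBehaviorModel(granularity=granularity)
    model.train(NORMAL_TRACES)
    threshold = model.calibrate(NORMAL_TRACES)
    score, unseen = model.score(SUSPECT_TRACE)
    return {
        "granularity": granularity,
        "stored_transitions": model.num_transitions(),
        "threshold": threshold,
        "suspect_score": score,
        "unseen": unseen,
        "flagged": model.is_anomalous(SUSPECT_TRACE, threshold),
    }


if __name__ == "__main__":
    for g in (1, 2):
        print(run_demo(g))
```

At granularity 1 the suspect trace is flagged both by its two unseen transitions (read to exec, exec to socket) and by a mean negative log-likelihood above the calibrated threshold; at granularity 2 the model stores fewer distinct transitions (9 versus 12 on these traces) and still flags the trace, which is the size-versus-resolution trade-off the abstract attributes to behavior granularity.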
Source
Gaojishu Tongxin (Chinese High Technology Letters), 2012, No. 9, pp. 897-903 (7 pages)
Indexed in: CAS, CSCD, Peking University Core Journals (北大核心)
Funding
Supported by the National Development and Reform Commission Information Security Special Project (发改办高技[2010]3044号) and the Jiangxi Provincial Department of Science and Technology International Cooperation Program (2009BHB15100).